About Code Scalpel

Code Scalpel is an MCP (Model Context Protocol) server that gives AI coding agents like Claude, Cursor, VS Code Copilot, and Cline real understanding of your codebase. Instead of seeing code as text, your AI can parse structure, trace dependencies, detect security vulnerabilities, and modify code safely — all with 22 specialized tools.

Yes. The Community tier is free forever and includes all 22 MCP tools with full audit logging. No credit card required. No time limits. No feature gating on core tools.

Pro and Enterprise tiers are currently in free beta. Apply to test advanced features like visual code maps, Oracle Resilience, and compliance reporting. Pricing will be announced before launch.

No. Code Scalpel runs 100% locally on your machine. Your code never leaves your computer. The MCP server processes everything using local AST parsing — no telemetry, no cloud calls, no data exfiltration. See our security policy.

Full AST parsing support for Python, JavaScript, TypeScript, Java, JSX, TSX, C, C++, and C#. This means every analysis (code structure, security scanning, dependency tracking, symbolic execution) works with real syntax trees — not regex pattern matching.

Any MCP-compatible client works, including:

• Claude Desktop (Anthropic)
• VS Code with GitHub Copilot
• Cursor
• Cline, Windsurf, and other MCP clients

Code Scalpel also has a standalone CLI for scripting, CI/CD pipelines, and manual analysis. See installation guides for each editor.

Linters are built for humans reading reports. Code Scalpel is built for AI agents that need to understand and change code.

• Linters read one file at a time — Code Scalpel tracks dependencies across your entire project
• Linters report problems — Code Scalpel gives AI agents tools to fix them safely
• Linters use pattern matching — Code Scalpel uses taint-based security analysis that traces data flow
• Linters have no audit trail — Code Scalpel logs every AI decision

About 30 seconds. For most editors, add a few lines to your MCP config and restart:

Or install via pip: pip install codescalpel

Oracle Resilience is Code Scalpel's intelligent error-handling middleware (v1.3+). When an AI agent makes an error or sends malformed parameters, Oracle Resilience detects the failure and provides the agent with a corrected suggestion so it can retry successfully. This dramatically reduces broken tool calls and improves agent reliability.

Yes. Code Scalpel includes a full CLI mode for scripting and pipeline integration. Use it for automated security scanning, dependency checks, and compliance validation in GitHub Actions, GitLab CI, Jenkins, and more.

See our CI/CD integration guides.

Code Scalpel is open-core. The Community tier is MIT-licensed and the code ships openly for transparency and security auditing. Pro and Enterprise tiers add commercial features (visual code maps, Oracle Resilience, compliance reporting) for teams with advanced needs. Commercial licenses fund continued development.

The Enterprise tier includes compliance checking against OWASP Top 10, SOC2, HIPAA, GDPR, PCI-DSS, and organization-specific policies via Open Policy Agent (OPA) rules. Cryptographic policy verification ensures governance configs haven't been tampered with.

Compare tiers or contact sales for Enterprise details.

Community (Free): All 22 functional tools, full audit logging, local-only execution. Perfect for individual developers and open source projects.

Pro: Everything in Community plus visual code maps, advanced cross-file analysis, Oracle Resilience, higher limits, and priority support. Built for serious projects and available now through beta-key signup.

Enterprise: Everything in Pro plus cryptographic policy verification, compliance evidence generation, fail-closed enforcement, and organization-wide audit controls. Built for regulated industries with custom deployment and pricing.

See full pricing comparison →